A10 – Redirect validation

Unvalidated redirects and forwards are the tenth most critical security issue for web applications according to OWASP. The issue arises when an application takes a URL or an internal page as a parameter to perform a redirect or forward operation. If that parameter is not correctly validated, an attacker can abuse it to redirect users to a malicious website.

In this recipe we will see how to validate that the parameter we receive for a redirect or forward is the one we intended when we developed the application.

How to do it...

  1. Don't want to be vulnerable? Don't use it. Whenever possible, avoid the use of redirects and forwards.
  2. If a redirect is necessary, try not to use user-provided parameters ...
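When a redirect parameter cannot be avoided, the usual defence is to accept only an in-site path or an absolute URL whose host is on an allow-list, and to fall back to a fixed default for anything else. The following Python check is an added example written for this recipe, not code from the book; the `ALLOWED_HOSTS` value, the `safe_redirect_target` name and the sample inputs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Hosts this application may redirect to (constructed sample value).
ALLOWED_HOSTS = {"app.example.com"}
DEFAULT_TARGET = "/"


def safe_redirect_target(candidate, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return a redirect target that stays on an allowed host, else the default.

    Only two shapes are accepted: an in-site absolute path such as "/account",
    or an http(s) URL whose host is allow-listed. Every other value (other
    schemes, protocol-relative "//host" forms, userinfo tricks, control
    characters) falls back to the default so the parameter can never steer
    the user off-site.
    """
    if not isinstance(candidate, str) or not candidate:
        return default
    # Control characters and whitespace never belong in a legitimate target.
    if any(ord(c) < 0x20 or c.isspace() for c in candidate):
        return default
    # Browsers treat backslashes as slashes, so "/\evil.com" is really "//evil.com".
    normalised = candidate.replace("\\", "/")
    try:
        parts = urlsplit(normalised)
    except ValueError:  # e.g. malformed IPv6 brackets
        return default
    if parts.scheme == "" and parts.netloc == "":
        # Relative target: require a leading "/" so it resolves inside this site.
        # "//host" forms never reach here because urlsplit gives them a netloc.
        return normalised if normalised.startswith("/") else default
    if parts.scheme not in ("http", "https"):
        return default
    # hostname is lower-cased and has userinfo/port stripped, so
    # "https://app.example.com@evil.com" yields hostname "evil.com".
    if parts.hostname is None or parts.hostname not in allowed_hosts:
        return default
    return normalised


if __name__ == "__main__":
    # Constructed sample inputs: the first two are kept, the rest fall back.
    for value in ("/account", "https://app.example.com/dash", "//evil.example",
                  "/\\evil.example", "https://app.example.com@evil.example/",
                  "javascript:alert(1)", "account"):
        print(repr(value), "->", safe_redirect_target(value))
```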
